Executive Summary

Information

Name : CVE-2006-3617
First vendor Publication : 2006-07-18
Vendor : Cve
Last vendor Modification : 2018-10-18

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Cvss Base Score : 5.8
Cvss Impact Score : 4.9
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3617

CAPEC : Common Attack Pattern Enumeration & Classification

CAPEC-18 : Embedding Scripts in Nonscript Elements
CAPEC-19 : Embedding Scripts within Scripts
CAPEC-32 : Embedding Scripts in HTTP Query Strings
CAPEC-63 : Simple Script Injection
CAPEC-71 : Using Unicode Encoding to Bypass Validation Logic
CAPEC-80 : Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-85 : Client Network Footprinting (using AJAX/XSS)
CAPEC-86 : Embedding Script (XSS) in HTTP Headers
CAPEC-91 : XSS in IMG Tags

CWE : Common Weakness Enumeration

%idName

CPE : Common Platform Enumeration

Type : Application
Count : 1

Open Source Vulnerability Database (OSVDB)

58826 : Pixelated By Lev (PBL) Guestbook pblguestbook.php Multiple Parameter XSS

Sources (Detail)

BUGTRAQ : http://www.securityfocus.com/archive/1/439486/100/0/threaded
MISC : http://www.neosecurityteam.net/index.php?action=advisories&id=23
XF : https://exchange.xforce.ibmcloud.com/vulnerabilities/27006

Alert History

2018-10-18 21:20:15 : Multiple Updates
2017-07-20 09:23:45 : Multiple Updates
2013-05-11 11:03:24 : Multiple Updates